CN106452789A - Signature method of preventing side-channel attack from multi-azimuth - Google Patents
- Publication number: CN106452789A
- Authority: CN (China)
- Prior art keywords
- key element
- random number
- bit
- azimuth
- channel attack
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a signature method that resists side-channel attacks from multiple directions. The method masks the base, using this or a similar technique, to produce an RSA signature or a signature of another public-key system; two modular exponentiation results are computed at the same time, with exponents that are the ones' complement of each other; a check that prevents the output of erroneous data is applied when the modular exponentiation is performed; and the modular exponentiation algorithm uses no jump (branch) statements, so that the data processed and the intermediate results have equal Hamming weight during the computation. The method effectively protects the steps of the RSA STD computation that are known to be easily attacked. The modular exponentiation it provides can also be used in full in the RSA CRT computation, and the algorithm for the exponentiation and its complementary exponentiation can likewise be ported to the point multiplication of SM2; the check for whether the modular exponentiation has been attacked can be ported to the point multiplication of SM2 in the same way.
Description
Technical field
The present invention relates to information security field, particularly to a kind of endorsement method of multi-faceted anti-side-channel attack.
Background technology
The RSA public-key algorithm is one of the mainstream public-key techniques in the field of information security. Keys and smart cards based on RSA are widely used in finance, communications, social security, transportation and other fields. Traditional attacks on RSA are based on the mathematics of factoring large primes, but side-channel attacks have developed rapidly in recent years and new attack methods keep emerging. Protection of RSA signatures has so far mainly considered SPA, DPA, CPA, doubling attacks and fault analysis. To prevent these attacks, existing schemes generally mask both the exponent and the base in the modular exponentiation of the RSA signature, use a Montgomery-ladder-like method so that modular multiplication and modular squaring are operationally identical, and prevent fault attacks by computing the modular exponentiation twice. None of these schemes, however, protects against all of the attacks listed above. Moreover, with the recent improvement of attack tools and methods, schemes similar to the Montgomery ladder are easily broken by SPA because of the branch in their implementation, and are also easily attacked if the Hamming weights of the operands are inconsistent.
Content of the invention
The object of the present invention is to provide a signature method resisting side-channel attacks from multiple directions.
The invention provides such a signature method and scheme, which can effectively defend against attacks on RSA signatures. While the modular exponentiation is performed, the exponentiation with the exponent and the exponentiation with the complement of the exponent are computed at the same time, so that one exponentiation procedure yields two results, and the power consumption is kept balanced. When the exponentiation is subjected to fault analysis, a mathematical operation determines whether the result of the exponentiation is correct. To avoid a modular inversion, the invention also provides an STD form of the negative of the private key.
To achieve these goals, the present invention provides a signature method and scheme resisting side-channel attacks from multiple directions, comprising the steps:
Step 1: input the RSA modulus N, the message M, the private key element d and the public key element e; the length of the private key element d is t bits, the length of the public key element e is less than or equal to the bit length of N, and M is guaranteed to be less than N.
Step 2: generate a random number trng1 of length t bits, multiply it successively by the public key element e and the private key element d, subtract the random number trng1 currently in use from the result and then subtract the private key element d, obtaining data z1.
Step 3: generate a random number trng2 of length t bits; with trng2 as the base and the data z1 obtained in step 2 as the exponent, of bit length bitlen, perform the following operations:
a. allocate three t-bit spaces S0, S1 and A and initialise them as S0 = S1 = 1, A = trng2;
b. for i from 0 to bitlen, perform:
(1) take the current bit of z1;
(2) if the current bit is 0, compute S0 = S0*A; if the current bit is 1, compute S1 = S1*A;
(3) square A and store the result in A;
c. check whether S0*S1*x - A is 0, x being the base (here trng2); if it is not 0, exit.
Step 4: denote the outputs of step 3 as S0 and S1 respectively.
Step 5: generate a random number trng3 of length t bits, multiply it successively by the public key element e and the private key element d, subtract the random number trng3 currently in use from the result and add the private key element d, obtaining data z2.
Step 6: with N as modulus and trng2 as the multiplier, apply a modular multiplicative mask to the digest M; the result is denoted maskM.
Step 7: with maskM as the base and z2 as the exponent, perform operations a, b and c of step 3, obtaining results S'0 and S'1.
Step 8: compute S1*S'1; with this result as the base, the public key element e as the exponent and N as the modulus, perform operations a, b and c of step 3, obtaining outputs S''0 and S''1. If S''1 = M, output S1*S'1; otherwise output no data.
According to the specific embodiments provided by the present invention, the invention discloses the following technical effects:
The beneficial effect of the invention is that, in contrast to most attack-protection schemes, this scheme masks the exponent and the base at the same time and can protect against the known SPA (simple power analysis), DPA (differential power analysis) and CPA (correlation power analysis) attacks. The scheme outputs the exponentiation and the exponentiation with the ones'-complement exponent at the same time, which avoids an inversion step; inversion is time-consuming. In the scheme, the modular exponentiation part and the result output part each employ a check, preventing the output of erroneous data during fault analysis.
The present invention prevents known power analysis attacks of any kind, such as SPA, DPA and CPA, and at the same time prevents the output of usable erroneous data during a fault attack.
The present invention effectively protects the steps of the RSA STD computation known to be easily attacked. The modular exponentiation and its check provided by the invention can also be used in full in the RSA CRT computation; the algorithm for the exponentiation and the complement exponentiation can likewise be ported to the point multiplication of SM2, as can the check for whether the exponentiation has been attacked.
Brief description
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for the embodiments are briefly described below. Obviously, the drawings in the following description are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of the signature method resisting side-channel attacks from multiple directions according to the present invention.
Specific embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below in conjunction with the drawings. Obviously, the embodiments described are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work fall within the scope of protection of the present invention.
The object of the present invention is to provide a signature method resisting side-channel attacks from multiple directions.
To make the above objects, features and advantages of the present invention clearer and easier to understand, the present invention is described in further detail below in conjunction with the drawings and specific embodiments.
Embodiment 1:
A signature method and scheme resisting side-channel attacks from multiple directions. An ordinary RSA key is divided into a public key and a private key, where (e, N) is the RSA public key and (d, N) is the RSA private key.
The ordinary RSA signature is Sign(M) = M^d mod N, where M is the digest of the user input to be signed, d is the private key and N is the modulus.
Based on the basic modular exponentiation and the check of the modular exponentiation, a signature scheme resisting side-channel attacks from multiple directions is as follows:
(RSA signature) Sign(M, e, d, N):
1. Generate a random number trng1 and compute z1 = trng1*(e*d - 1) - d;
2. Generate a random number trng and compute (S0, S1) = EXP(trng, z1, N); if 1 is returned, output S0, S1 and continue with step 3; otherwise return 0 directly and output no result;
3. Generate a random number trng2 and compute z2 = trng2*(e*d - 1) + d;
4. Compute maskM = M*trng mod N;
5. Compute (S'0, S'1) = EXP(maskM, z2, N); if 1 is returned, output S'0, S'1 and continue with step 6; otherwise return 0 directly and output no result;
6. Compute (S''0, S''1) = EXP(S1*S'1, e, N); if S''1 = M, output S1*S'1; otherwise return 0 directly and output no result.
First, we design a basic modular exponentiation algorithm which traverses the exponent from its low bit and computes x^t mod N and x^~t mod N at the same time, where ~t is the complement of t.
Algorithm one (basic modular exponentiation) EXP1(x, t, N):
Output S0, S1, where S0 = x^~t mod N and S1 = x^t mod N.
Algorithm two (check of the modular exponentiation) EXP2(x, t, N):
3. Compute c = S0*S1*x - A;
if c = 0, output S0 = x^~t mod N, S1 = x^t mod N and return 1; otherwise output no result and return 0.
Based on algorithm one and algorithm two, we design an RSA signature algorithm resisting side-channel attacks as follows:
Algorithm three (RSA signature) Sign(M, e, d, N):
1. Generate a random number trng1 and compute z1 = trng1*(e*d - 1) - d;
2. Generate a random number trng and compute (S0, S1) = EXP(trng, z1, N); if 1 is returned, output S0, S1 and continue with step 3; otherwise return 0 directly and output no result;
3. Generate a random number trng2 and compute z2 = trng2*(e*d - 1) + d;
4. Compute maskM = M*trng mod N;
5. Compute (S'0, S'1) = EXP(maskM, z2, N); if 1 is returned, output S'0, S'1 and continue with step 6; otherwise return 0 directly and output no result;
6. Compute (S''0, S''1) = EXP(S1*S'1, e, N); if S''1 = M, output S1*S'1; otherwise return 0 directly and output no result.
Example two
1. Input the RSA modulus N, the message M, the private key element d of length t bits, and the public key element e, whose length is at most 32 bits and not more than the bit length of N; ensure that M is less than N.
2. Generate a random number trng1 of length t bits, multiply it successively by the public key element e and the private key element d, subtract the random number trng1 currently in use from the result and then subtract the private key element d, obtaining data z1.
3. Generate a random number trng2 of length t bits; with it as the base and the data z1 obtained in step 2 as the exponent (of bit length bitlen), perform the following operations:
a. allocate three t-bit spaces (S0, S1 and A) and initialise them as S0 = S1 = 1, A = trng2;
b. for i from 0 to bitlen, perform:
(1) take the current bit of z1;
(2) if the current bit is 0, compute S0 = S0*A; if the current bit is 1, compute S1 = S1*A;
(3) square A and store the result in A;
c. check whether S0*S1*x - A is 0, x being the base; if it is not 0, exit.
4. Denote the outputs of step 3 as S0 and S1 respectively.
5. Generate a random number trng3 of length t bits, multiply it successively by the public key element e and the private key element d, subtract the random number trng3 currently in use from the result and add the private key element d, obtaining data z2.
6. With N as modulus and trng2 as the multiplier, apply a modular multiplicative mask to the digest M; the result is denoted maskM.
7. With maskM as the base and z2 as the exponent, perform operations a, b and c of step 3, obtaining results S'0 and S'1.
8. Compute S1*S'1; with this result as the base, e (the public key element) as the exponent and N as the modulus, perform operations a, b and c of step 3, obtaining outputs S''0 and S''1. If S''1 = M, output S1*S'1; otherwise output no data.
The present invention effectively protects the steps of the RSA STD computation known to be easily attacked. The modular exponentiation and its check provided by the invention can also be used in full in the RSA CRT computation; the algorithm for the exponentiation and the complement exponentiation can likewise be ported to the point multiplication of SM2, as can the check for whether the exponentiation has been attacked.
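The ladder of algorithm one, its check (algorithm two) and the masked signature of algorithm three, which example two and claim 1 restate step by step, as an added Python example that is not part of the patent; the toy RSA parameters, the `fault_at` test hook and the `rand` callable are constructed here for illustration:

```python
"""Added example (not the patent's own code): the complementary-exponent
ladder with its fault check, and the masked RSA signature built on it.
Toy RSA parameters (N = 61*53) are constructed for illustration only."""
import secrets


def exp_pair(x, t, N, fault_at=None):
    """Algorithm one: scan t from its low bit, returning (S0, S1, A) with
    S1 = x^t mod N, S0 = x^~t mod N (~t over bitlen bits) and A = x^(2^bitlen).
    Both multiplications run every round; the bit only selects which product
    is kept, mirroring the patent's branch-free ladder. Python integers are
    not constant-time, so this shows the structure, not a hardened build.
    fault_at (constructed test hook) corrupts S1 in one round to exercise
    the check in exp_checked; leave it None for normal use."""
    bitlen = t.bit_length()
    S0 = S1 = 1
    A = x % N
    for i in range(bitlen):
        bit = (t >> i) & 1
        p0 = S0 * A % N                      # candidate if bit == 0
        p1 = S1 * A % N                      # candidate if bit == 1
        S0 = bit * S0 + (1 - bit) * p0       # arithmetic select, no branch
        S1 = (1 - bit) * S1 + bit * p1
        if i == fault_at:                    # simulated transient fault
            S1 ^= 1
        A = A * A % N
    return S0, S1, A


def exp_checked(x, t, N, fault_at=None):
    """Algorithm two: release the pair only if S0*S1*x == A (mod N), which
    holds because ~t + t + 1 == 2^bitlen. Returns (S0, S1, 1) or (None, None, 0)."""
    S0, S1, A = exp_pair(x, t, N, fault_at)
    if (S0 * S1 * x - A) % N != 0:
        return None, None, 0
    return S0, S1, 1


def _nonzero_random(t):
    """t-bit random value that is never 0 (0 would make z1 negative)."""
    while True:
        r = secrets.randbits(t)
        if r:
            return r


def sign(M, e, d, N, rand=None):
    """Algorithm three. rand() supplies t-bit random values; the default
    uses the OS CSPRNG. Returns M^d mod N, or None if any check fails."""
    t = d.bit_length()
    rand = rand or (lambda: _nonzero_random(t))
    ed1 = e * d - 1                  # x^(e*d-1) == 1 mod N when gcd(x, N) == 1
    z1 = rand() * ed1 - d            # behaves as exponent -d
    trng = rand()
    S0, S1, ok = exp_checked(trng, z1, N)       # S1 = trng^-d
    if not ok:
        return None
    z2 = rand() * ed1 + d            # behaves as exponent d
    maskM = M * trng % N             # multiplicative base mask
    _, S1p, ok = exp_checked(maskM, z2, N)      # S1p = M^d * trng^d
    if not ok:
        return None
    sig = S1 * S1p % N               # masks cancel, leaving M^d
    _, S1pp, ok = exp_checked(sig, e, N)        # verify before release
    if not ok or S1pp != M:
        return None
    return sig


# Constructed toy parameters: p = 61, q = 53, e*d == 1 (mod 3120).
TOY_N, TOY_E, TOY_D = 3233, 17, 2753

if __name__ == "__main__":
    print(sign(65, TOY_E, TOY_D, TOY_N), pow(65, TOY_D, TOY_N))
```

A flipped intermediate S1 leaves S0*S1*x not congruent to A (mod N) for any base coprime to N, so the fault hook always trips the check and no signature is released.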
Specific examples have been used herein to explain the principle and embodiments of the present invention; the description of the above embodiments is intended only to help understand the method of the present invention and its core idea. For those of ordinary skill in the art, changes will be made to the specific embodiments and the scope of application in accordance with the idea of the present invention. In summary, the content of this specification should not be construed as limiting the present invention.
Claims (1)
1. A signature method resisting side-channel attacks from multiple directions, characterised in that it comprises:
Step 1: input the RSA modulus N, the message M, the private key element d and the public key element e; the length of said private key element d is t bits, the length of said public key element e is less than or equal to the bit length of N, and M is guaranteed to be less than N;
Step 2: generate a random number trng1 of length t bits, multiply said random number trng1 successively by the public key element e and the private key element d, subtract the random number trng1 currently in use from the result and then subtract the private key element d, obtaining data z1;
Step 3: generate a random number trng2 of length t bits; with said random number trng2 as the base and the data z1 obtained in step 2 as the exponent, of bit length bitlen, perform the following operations:
a. allocate three t-bit spaces S0, S1 and A and initialise them as S0 = S1 = 1, A = trng2;
b. for i from 0 to bitlen, perform:
(1) take the current bit of z1;
(2) if the current bit is 0, compute S0 = S0*A; if the current bit is 1, compute S1 = S1*A;
(3) square A and store the result in A;
c. check whether S0*S1*x - A is 0, x being the base; if it is not 0, exit;
Step 4: denote the outputs of step 3 as S0 and S1 respectively;
Step 5: generate a random number trng3 of length t bits, multiply it successively by the public key element e and the private key element d, subtract the random number trng3 currently in use from the result and add the private key element d, obtaining data z2;
Step 6: with N as modulus and trng2 as the multiplier, apply a modular multiplicative mask to the digest M; the result is denoted maskM;
Step 7: with maskM as the base and z2 as the exponent, perform operations a, b and c of step 3, obtaining results S'0 and S'1;
Step 8: compute S1*S'1; with this result as the base, the public key element e as the exponent and N as the modulus, perform operations a, b and c of step 3, obtaining outputs S''0 and S''1; if S''1 = M, output S1*S'1, otherwise output no data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610943335.6A CN106452789B (en) | 2016-11-02 | 2016-11-02 | Signature method resisting side-channel attacks from multiple directions |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106452789A true CN106452789A (en) | 2017-02-22 |
CN106452789B CN106452789B (en) | 2019-06-18 |
Family
ID=58177580
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610943335.6A Active CN106452789B (en) | 2016-11-02 | 2016-11-02 | Signature method resisting side-channel attacks from multiple directions |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106452789B (en) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107508678A (en) * | 2017-10-13 | 2017-12-22 | 成都信息工程大学 | The side-channel attack method of RSA masks defence algorithm based on machine learning |
CN109379185B (en) * | 2018-10-22 | 2021-04-27 | 飞天诚信科技股份有限公司 | Secure RSA operation implementation method and device |
CN109379185A (en) * | 2018-10-22 | 2019-02-22 | 飞天诚信科技股份有限公司 | A kind of safe RSA operation implementation method and device |
CN109831290A (en) * | 2019-01-24 | 2019-05-31 | 上海交通大学 | For the side Multiple Channel Analysis method based on CAVE algorithm authentication protocol |
CN109831290B (en) * | 2019-01-24 | 2021-06-11 | 上海交通大学 | Side channel analysis method for CAVE algorithm authentication protocol |
CN110048840A (en) * | 2019-04-28 | 2019-07-23 | 苏州国芯科技股份有限公司 | A kind of information processing method based on RSA Algorithm, system and associated component |
CN110048840B (en) * | 2019-04-28 | 2021-10-15 | 苏州国芯科技股份有限公司 | Information processing method, system and related components based on RSA algorithm |
CN112332970A (en) * | 2019-08-05 | 2021-02-05 | 上海复旦微电子集团股份有限公司 | Side channel analysis method, device, medium and equipment for attacking SM9 signature algorithm |
CN114048472A (en) * | 2022-01-17 | 2022-02-15 | 浙江大学 | Linear code mask and bit slicing technology-based defense method for resisting bypass attack |
CN114679281A (en) * | 2022-03-15 | 2022-06-28 | 北京宏思电子技术有限责任公司 | RSA-based joint signature generation method and device |
CN114679281B (en) * | 2022-03-15 | 2023-12-01 | 北京宏思电子技术有限责任公司 | RSA-based joint signature generation method and apparatus |
CN117640090A (en) * | 2024-01-25 | 2024-03-01 | 蓝象智联(杭州)科技有限公司 | Identity verification method and system |
CN117640090B (en) * | 2024-01-25 | 2024-04-12 | 蓝象智联(杭州)科技有限公司 | Identity verification method and system |
Also Published As
Publication number | Publication date |
---|---|
CN106452789B (en) | 2019-06-18 |
Legal Events
Code | Title |
---|---|
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |